diff --git a/src/mares_nemo.c b/src/mares_nemo.c index 94ffe50..10e448a 100644 --- a/src/mares_nemo.c +++ b/src/mares_nemo.c @@ -165,8 +165,10 @@ mares_nemo_device_dump (device_t *abstract, unsigned char data[], unsigned int s if (! device_is_mares_nemo (abstract)) return DEVICE_STATUS_TYPE_MISMATCH; - if (size < MARES_NEMO_MEMORY_SIZE) - return DEVICE_STATUS_ERROR; + if (size < MARES_NEMO_MEMORY_SIZE) { + WARNING ("Insufficient buffer space available."); + return DEVICE_STATUS_MEMORY; + } // Receive the header of the package. unsigned char header = 0x00; diff --git a/src/oceanic_atom2.c b/src/oceanic_atom2.c index 50a7f0a..1109d8f 100644 --- a/src/oceanic_atom2.c +++ b/src/oceanic_atom2.c @@ -494,8 +494,10 @@ oceanic_atom2_device_dump (device_t *abstract, unsigned char data[], unsigned in if (! device_is_oceanic_atom2 (abstract)) return DEVICE_STATUS_TYPE_MISMATCH; - if (size < OCEANIC_ATOM2_MEMORY_SIZE) - return DEVICE_STATUS_ERROR; + if (size < OCEANIC_ATOM2_MEMORY_SIZE) { + WARNING ("Insufficient buffer space available."); + return DEVICE_STATUS_MEMORY; + } device_status_t rc = oceanic_atom2_device_read (abstract, 0x00, data, OCEANIC_ATOM2_MEMORY_SIZE); if (rc != DEVICE_STATUS_SUCCESS) diff --git a/src/oceanic_veo250.c b/src/oceanic_veo250.c index 35ea32d..7ab09e5 100644 --- a/src/oceanic_veo250.c +++ b/src/oceanic_veo250.c @@ -471,8 +471,10 @@ oceanic_veo250_device_dump (device_t *abstract, unsigned char data[], unsigned i if (! device_is_oceanic_veo250 (abstract)) return DEVICE_STATUS_TYPE_MISMATCH; - if (size < OCEANIC_VEO250_MEMORY_SIZE) - return DEVICE_STATUS_ERROR; + if (size < OCEANIC_VEO250_MEMORY_SIZE) { + WARNING ("Insufficient buffer space available."); + return DEVICE_STATUS_MEMORY; + } device_status_t rc = oceanic_veo250_device_read (abstract, 0x00, data, OCEANIC_VEO250_MEMORY_SIZE); if (rc != DEVICE_STATUS_SUCCESS) diff --git a/src/oceanic_vtpro.c b/src/oceanic_vtpro.c index 2b5addd..1b4c783 100644 --- a/src/oceanic_vtpro.c +++ b/src/oceanic_vtpro.c @@ -508,8 +508,10 @@ oceanic_vtpro_device_dump (device_t *abstract, unsigned char data[], unsigned in if (! device_is_oceanic_vtpro (abstract)) return DEVICE_STATUS_TYPE_MISMATCH; - if (size < OCEANIC_VTPRO_MEMORY_SIZE) - return DEVICE_STATUS_ERROR; + if (size < OCEANIC_VTPRO_MEMORY_SIZE) { + WARNING ("Insufficient buffer space available."); + return DEVICE_STATUS_MEMORY; + } device_status_t rc = oceanic_vtpro_device_read (abstract, 0x00, data, OCEANIC_VTPRO_MEMORY_SIZE); if (rc != DEVICE_STATUS_SUCCESS) diff --git a/src/reefnet_sensus.c b/src/reefnet_sensus.c index 8ed078d..ae44397 100644 --- a/src/reefnet_sensus.c +++ b/src/reefnet_sensus.c @@ -196,6 +196,11 @@ reefnet_sensus_device_handshake (device_t *abstract, unsigned char *data, unsign if (! device_is_reefnet_sensus (abstract)) return DEVICE_STATUS_TYPE_MISMATCH; + if (size < REEFNET_SENSUS_HANDSHAKE_SIZE) { + WARNING ("Insufficient buffer space available."); + return DEVICE_STATUS_MEMORY; + } + // Send the command to the device. unsigned char command = 0x0A; int n = serial_write (device->port, &command, 1); @@ -237,12 +242,7 @@ reefnet_sensus_device_handshake (device_t *abstract, unsigned char *data, unsign handshake[8] + (handshake[9] << 8) + (handshake[10] << 16) + (handshake[11] << 24)); #endif - if (size >= REEFNET_SENSUS_HANDSHAKE_SIZE) { - memcpy (data, handshake + 2, REEFNET_SENSUS_HANDSHAKE_SIZE); - } else { - WARNING ("Insufficient buffer space available."); - return DEVICE_STATUS_MEMORY; - } + memcpy (data, handshake + 2, REEFNET_SENSUS_HANDSHAKE_SIZE); // Wait at least 10 ms to ensures the data line is // clear before transmission from the host begins. @@ -261,6 +261,11 @@ reefnet_sensus_device_dump (device_t *abstract, unsigned char *data, unsigned in if (! device_is_reefnet_sensus (abstract)) return DEVICE_STATUS_TYPE_MISMATCH; + if (size < REEFNET_SENSUS_MEMORY_SIZE) { + WARNING ("Insufficient buffer space available."); + return DEVICE_STATUS_MEMORY; + } + // Enable progress notifications. device_progress_state_t progress; progress_init (&progress, abstract, 4 + REEFNET_SENSUS_MEMORY_SIZE + 2 + 3); @@ -312,12 +317,7 @@ reefnet_sensus_device_dump (device_t *abstract, unsigned char *data, unsigned in return DEVICE_STATUS_PROTOCOL; } - if (size >= REEFNET_SENSUS_MEMORY_SIZE) { - memcpy (data, answer + 4, REEFNET_SENSUS_MEMORY_SIZE); - } else { - WARNING ("Insufficient buffer space available."); - return DEVICE_STATUS_MEMORY; - } + memcpy (data, answer + 4, REEFNET_SENSUS_MEMORY_SIZE); if (result) *result = REEFNET_SENSUS_MEMORY_SIZE; diff --git a/src/reefnet_sensuspro.c b/src/reefnet_sensuspro.c index 0dcaea2..5c30553 100644 --- a/src/reefnet_sensuspro.c +++ b/src/reefnet_sensuspro.c @@ -170,6 +170,11 @@ reefnet_sensuspro_device_handshake (device_t *abstract, unsigned char *data, uns if (! device_is_reefnet_sensuspro (abstract)) return DEVICE_STATUS_TYPE_MISMATCH; + if (size < REEFNET_SENSUSPRO_HANDSHAKE_SIZE) { + WARNING ("Insufficient buffer space available."); + return DEVICE_STATUS_MEMORY; + } + // Assert a break condition. serial_set_break (device->port, 1); @@ -208,12 +213,7 @@ reefnet_sensuspro_device_handshake (device_t *abstract, unsigned char *data, uns handshake[6] + (handshake[7] << 8) + (handshake[8] << 16) + (handshake[9] << 24)); #endif - if (size >= REEFNET_SENSUSPRO_HANDSHAKE_SIZE) { - memcpy (data, handshake, REEFNET_SENSUSPRO_HANDSHAKE_SIZE); - } else { - WARNING ("Insufficient buffer space available."); - return DEVICE_STATUS_MEMORY; - } + memcpy (data, handshake, REEFNET_SENSUSPRO_HANDSHAKE_SIZE); serial_sleep (10); @@ -229,6 +229,11 @@ reefnet_sensuspro_device_dump (device_t *abstract, unsigned char *data, unsigned if (! device_is_reefnet_sensuspro (abstract)) return DEVICE_STATUS_TYPE_MISMATCH; + if (size < REEFNET_SENSUSPRO_MEMORY_SIZE) { + WARNING ("Insufficient buffer space available."); + return DEVICE_STATUS_MEMORY; + } + // Enable progress notifications. device_progress_state_t progress; progress_init (&progress, abstract, REEFNET_SENSUSPRO_MEMORY_SIZE + 2); @@ -267,12 +272,7 @@ reefnet_sensuspro_device_dump (device_t *abstract, unsigned char *data, unsigned return DEVICE_STATUS_PROTOCOL; } - if (size >= REEFNET_SENSUSPRO_MEMORY_SIZE) { - memcpy (data, answer, REEFNET_SENSUSPRO_MEMORY_SIZE); - } else { - WARNING ("Insufficient buffer space available."); - return DEVICE_STATUS_MEMORY; - } + memcpy (data, answer, REEFNET_SENSUSPRO_MEMORY_SIZE); if (result) *result = REEFNET_SENSUSPRO_MEMORY_SIZE; diff --git a/src/reefnet_sensusultra.c b/src/reefnet_sensusultra.c index b167b46..1886592 100644 --- a/src/reefnet_sensusultra.c +++ b/src/reefnet_sensusultra.c @@ -273,6 +273,11 @@ reefnet_sensusultra_device_handshake (device_t *abstract, unsigned char *data, u if (! device_is_reefnet_sensusultra (abstract)) return DEVICE_STATUS_TYPE_MISMATCH; + if (size < REEFNET_SENSUSULTRA_HANDSHAKE_SIZE) { + WARNING ("Insufficient buffer space available."); + return DEVICE_STATUS_MEMORY; + } + // Flush the input and output buffers. serial_flush (device->port, SERIAL_QUEUE_BOTH); @@ -322,12 +327,7 @@ reefnet_sensusultra_device_handshake (device_t *abstract, unsigned char *data, u handshake[22] + (handshake[23] << 8)); #endif - if (size >= REEFNET_SENSUSULTRA_HANDSHAKE_SIZE) { - memcpy (data, handshake, REEFNET_SENSUSULTRA_HANDSHAKE_SIZE); - } else { - WARNING ("Insufficient buffer space available."); - return DEVICE_STATUS_MEMORY; - } + memcpy (data, handshake, REEFNET_SENSUSULTRA_HANDSHAKE_SIZE); return DEVICE_STATUS_SUCCESS; } @@ -336,8 +336,7 @@ reefnet_sensusultra_device_handshake (device_t *abstract, unsigned char *data, u static device_status_t reefnet_sensusultra_page (reefnet_sensusultra_device_t *device, unsigned char *data, unsigned int size, unsigned int pagenum) { - if (device == NULL) - return DEVICE_STATUS_ERROR; + assert (size >= REEFNET_SENSUSULTRA_PACKET_SIZE); device_status_t rc = DEVICE_STATUS_SUCCESS; unsigned int nretries = 0; @@ -365,12 +364,7 @@ reefnet_sensusultra_page (reefnet_sensusultra_device_t *device, unsigned char *d return DEVICE_STATUS_PROTOCOL; } - if (size >= REEFNET_SENSUSULTRA_PACKET_SIZE) { - memcpy (data, package + 2, REEFNET_SENSUSULTRA_PACKET_SIZE); - } else { - WARNING ("Insufficient buffer space available."); - return DEVICE_STATUS_MEMORY; - } + memcpy (data, package + 2, REEFNET_SENSUSULTRA_PACKET_SIZE); return DEVICE_STATUS_SUCCESS; } @@ -384,8 +378,10 @@ reefnet_sensusultra_device_dump (device_t *abstract, unsigned char *data, unsign if (! device_is_reefnet_sensusultra (abstract)) return DEVICE_STATUS_TYPE_MISMATCH; - if (size < REEFNET_SENSUSULTRA_MEMORY_DATA_SIZE) - return DEVICE_STATUS_ERROR; + if (size < REEFNET_SENSUSULTRA_MEMORY_DATA_SIZE) { + WARNING ("Insufficient buffer space available."); + return DEVICE_STATUS_MEMORY; + } // Enable progress notifications. device_progress_state_t progress; @@ -432,8 +428,10 @@ reefnet_sensusultra_device_read_user (device_t *abstract, unsigned char *data, u if (! device_is_reefnet_sensusultra (abstract)) return DEVICE_STATUS_TYPE_MISMATCH; - if (size < REEFNET_SENSUSULTRA_MEMORY_USER_SIZE) - return DEVICE_STATUS_ERROR; + if (size < REEFNET_SENSUSULTRA_MEMORY_USER_SIZE) { + WARNING ("Insufficient buffer space available."); + return DEVICE_STATUS_MEMORY; + } // Send the instruction code to the device. device_status_t rc = reefnet_sensusultra_send_ushort (device, 0xB420); @@ -469,7 +467,10 @@ reefnet_sensusultra_device_write_user (device_t *abstract, const unsigned char * if (! device_is_reefnet_sensusultra (abstract)) return DEVICE_STATUS_TYPE_MISMATCH; - assert (size >= REEFNET_SENSUSULTRA_MEMORY_USER_SIZE); + if (size < REEFNET_SENSUSULTRA_MEMORY_USER_SIZE) { + WARNING ("Insufficient buffer space available."); + return DEVICE_STATUS_MEMORY; + } // Send the instruction code to the device. device_status_t rc = reefnet_sensusultra_send_ushort (device, 0xB430); @@ -563,6 +564,11 @@ reefnet_sensusultra_device_sense (device_t *abstract, unsigned char *data, unsig if (! device_is_reefnet_sensusultra (abstract)) return DEVICE_STATUS_TYPE_MISMATCH; + if (size < REEFNET_SENSUSULTRA_SENSE_SIZE) { + WARNING ("Insufficient buffer space available."); + return DEVICE_STATUS_MEMORY; + } + // Send the instruction code to the device. device_status_t rc = reefnet_sensusultra_send_ushort (device, 0xB440); if (rc != DEVICE_STATUS_SUCCESS) @@ -574,12 +580,7 @@ reefnet_sensusultra_device_sense (device_t *abstract, unsigned char *data, unsig if (rc != DEVICE_STATUS_SUCCESS) return rc; - if (size >= REEFNET_SENSUSULTRA_SENSE_SIZE) { - memcpy (data, package, REEFNET_SENSUSULTRA_SENSE_SIZE); - } else { - WARNING ("Insufficient buffer space available."); - return DEVICE_STATUS_MEMORY; - } + memcpy (data, package, REEFNET_SENSUSULTRA_SENSE_SIZE); return DEVICE_STATUS_SUCCESS; } diff --git a/src/suunto_d9.c b/src/suunto_d9.c index c4a2b6d..52a2446 100644 --- a/src/suunto_d9.c +++ b/src/suunto_d9.c @@ -260,8 +260,10 @@ suunto_d9_device_version (device_t *abstract, unsigned char data[], unsigned int if (! device_is_suunto_d9 (abstract)) return DEVICE_STATUS_TYPE_MISMATCH; - if (size < SUUNTO_D9_VERSION_SIZE) + if (size < SUUNTO_D9_VERSION_SIZE) { + WARNING ("Insufficient buffer space available."); return DEVICE_STATUS_MEMORY; + } unsigned char answer[SUUNTO_D9_VERSION_SIZE + 4] = {0}; unsigned char command[4] = {0x0F, 0x00, 0x00, 0x0F}; @@ -409,8 +411,10 @@ suunto_d9_device_dump (device_t *abstract, unsigned char data[], unsigned int si if (! device_is_suunto_d9 (abstract)) return DEVICE_STATUS_TYPE_MISMATCH; - if (size < SUUNTO_D9_MEMORY_SIZE) - return DEVICE_STATUS_ERROR; + if (size < SUUNTO_D9_MEMORY_SIZE) { + WARNING ("Insufficient buffer space available."); + return DEVICE_STATUS_MEMORY; + } // Enable progress notifications. device_progress_state_t progress; diff --git a/src/suunto_eon.c b/src/suunto_eon.c index 8820a14..ff576b9 100644 --- a/src/suunto_eon.c +++ b/src/suunto_eon.c @@ -159,6 +159,11 @@ suunto_eon_device_dump (device_t *abstract, unsigned char data[], unsigned int s if (! device_is_suunto_eon (abstract)) return DEVICE_STATUS_TYPE_MISMATCH; + if (size < SUUNTO_EON_MEMORY_SIZE) { + WARNING ("Insufficient buffer space available."); + return DEVICE_STATUS_MEMORY; + } + // Enable progress notifications. device_progress_state_t progress; progress_init (&progress, abstract, SUUNTO_EON_MEMORY_SIZE + 1); @@ -189,12 +194,7 @@ suunto_eon_device_dump (device_t *abstract, unsigned char data[], unsigned int s return DEVICE_STATUS_PROTOCOL; } - if (size >= SUUNTO_EON_MEMORY_SIZE) { - memcpy (data, answer, SUUNTO_EON_MEMORY_SIZE); - } else { - WARNING ("Insufficient buffer space available."); - return DEVICE_STATUS_MEMORY; - } + memcpy (data, answer, SUUNTO_EON_MEMORY_SIZE); if (result) *result = SUUNTO_EON_MEMORY_SIZE; diff --git a/src/suunto_solution.c b/src/suunto_solution.c index bc0f5e3..07adacc 100644 --- a/src/suunto_solution.c +++ b/src/suunto_solution.c @@ -160,8 +160,10 @@ suunto_solution_device_dump (device_t *abstract, unsigned char data[], unsigned if (! device_is_suunto_solution (abstract)) return DEVICE_STATUS_TYPE_MISMATCH; - if (size < SUUNTO_SOLUTION_MEMORY_SIZE) + if (size < SUUNTO_SOLUTION_MEMORY_SIZE) { + WARNING ("Insufficient buffer space available."); return DEVICE_STATUS_MEMORY; + } int n = 0; unsigned char command[3] = {0}; diff --git a/src/suunto_vyper.c b/src/suunto_vyper.c index 47cbee5..17e8e69 100644 --- a/src/suunto_vyper.c +++ b/src/suunto_vyper.c @@ -427,15 +427,16 @@ suunto_vyper_read_dive (device_t *abstract, unsigned char data[], unsigned int s return DEVICE_STATUS_PROTOCOL; } - // Append the package to the output buffer. - if (nbytes + len <= size) { - memcpy (data + nbytes, answer + 2, len); - nbytes += len; - } else { + // Check for a buffer overflow. + if (size < nbytes + len) { WARNING ("Insufficient buffer space available."); return DEVICE_STATUS_MEMORY; } + // Append the package to the output buffer. + memcpy (data + nbytes, answer + 2, len); + nbytes += len; + // The DC sends a null package (a package with length zero) when it // has reached the end of its internal ring buffer. From this point on, // the current dive has been overwritten with newer data. Therefore, @@ -501,8 +502,10 @@ suunto_vyper_device_dump (device_t *abstract, unsigned char data[], unsigned int if (! device_is_suunto_vyper (abstract)) return DEVICE_STATUS_TYPE_MISMATCH; - if (size < SUUNTO_VYPER_MEMORY_SIZE) - return DEVICE_STATUS_ERROR; + if (size < SUUNTO_VYPER_MEMORY_SIZE) { + WARNING ("Insufficient buffer space available."); + return DEVICE_STATUS_MEMORY; + } // Enable progress notifications. device_progress_state_t progress; diff --git a/src/suunto_vyper2.c b/src/suunto_vyper2.c index 1935827..97d956c 100644 --- a/src/suunto_vyper2.c +++ b/src/suunto_vyper2.c @@ -247,8 +247,10 @@ suunto_vyper2_device_version (device_t *abstract, unsigned char data[], unsigned if (! device_is_suunto_vyper2 (abstract)) return DEVICE_STATUS_TYPE_MISMATCH; - if (size < SUUNTO_VYPER2_VERSION_SIZE) + if (size < SUUNTO_VYPER2_VERSION_SIZE) { + WARNING ("Insufficient buffer space available."); return DEVICE_STATUS_MEMORY; + } unsigned char answer[SUUNTO_VYPER2_VERSION_SIZE + 4] = {0}; unsigned char command[4] = {0x0F, 0x00, 0x00, 0x0F}; @@ -396,8 +398,10 @@ suunto_vyper2_device_dump (device_t *abstract, unsigned char data[], unsigned in if (! device_is_suunto_vyper2 (abstract)) return DEVICE_STATUS_TYPE_MISMATCH; - if (size < SUUNTO_VYPER2_MEMORY_SIZE) - return DEVICE_STATUS_ERROR; + if (size < SUUNTO_VYPER2_MEMORY_SIZE) { + WARNING ("Insufficient buffer space available."); + return DEVICE_STATUS_MEMORY; + } // Enable progress notifications. device_progress_state_t progress; diff --git a/src/uwatec_aladin.c b/src/uwatec_aladin.c index c676d74..493b3e5 100644 --- a/src/uwatec_aladin.c +++ b/src/uwatec_aladin.c @@ -179,6 +179,11 @@ uwatec_aladin_device_dump (device_t *abstract, unsigned char data[], unsigned in if (! device_is_uwatec_aladin (abstract)) return DEVICE_STATUS_TYPE_MISMATCH; + if (size < UWATEC_ALADIN_MEMORY_SIZE) { + WARNING ("Insufficient buffer space available."); + return DEVICE_STATUS_MEMORY; + } + // Enable progress notifications. device_progress_state_t progress; progress_init (&progress, abstract, UWATEC_ALADIN_MEMORY_SIZE + 2); @@ -224,12 +229,7 @@ uwatec_aladin_device_dump (device_t *abstract, unsigned char data[], unsigned in return DEVICE_STATUS_PROTOCOL; } - if (size >= UWATEC_ALADIN_MEMORY_SIZE) { - memcpy (data, answer, UWATEC_ALADIN_MEMORY_SIZE); - } else { - WARNING ("Insufficient buffer space available."); - return DEVICE_STATUS_MEMORY; - } + memcpy (data, answer, UWATEC_ALADIN_MEMORY_SIZE); if (result) *result = UWATEC_ALADIN_MEMORY_SIZE; diff --git a/src/uwatec_memomouse.c b/src/uwatec_memomouse.c index 44c7f81..497d3c1 100644 --- a/src/uwatec_memomouse.c +++ b/src/uwatec_memomouse.c @@ -267,13 +267,13 @@ uwatec_memomouse_read_packet_outer (uwatec_memomouse_device_t *device, unsigned message ("\"\n"); #endif - if (size >= length) { - memcpy (data, package + 1, length); - } else { + if (size < length) { WARNING ("Insufficient buffer space available."); return DEVICE_STATUS_MEMORY; } + memcpy (data, package + 1, length); + if (result) *result = length; @@ -462,14 +462,13 @@ uwatec_memomouse_device_dump (device_t *abstract, unsigned char data[], unsigned if (rc != DEVICE_STATUS_SUCCESS) return rc; - if (length - 3 <= size) { - memcpy (data, buffer + 2, length - 3); - } else { + if (size < length - 3) { WARNING ("Insufficient buffer space available."); free (buffer); return DEVICE_STATUS_MEMORY; } + memcpy (data, buffer + 2, length - 3); free (buffer); if (result) diff --git a/src/uwatec_smart.c b/src/uwatec_smart.c index 78838cb..7ed5613 100644 --- a/src/uwatec_smart.c +++ b/src/uwatec_smart.c @@ -322,13 +322,13 @@ uwatec_smart_device_version (device_t *abstract, unsigned char data[], unsigned message ("handshake: model=0x%02x\n", answer[8]); - if (size >= UWATEC_SMART_VERSION_SIZE) { - memcpy (data, answer, UWATEC_SMART_VERSION_SIZE); - } else { + if (size < UWATEC_SMART_VERSION_SIZE) { WARNING ("Insufficient buffer space available."); return DEVICE_STATUS_MEMORY; } + memcpy (data, answer, UWATEC_SMART_VERSION_SIZE); + return DEVICE_STATUS_SUCCESS; } @@ -439,14 +439,13 @@ uwatec_smart_device_dump (device_t *abstract, unsigned char data[], unsigned int if (rc != DEVICE_STATUS_SUCCESS) return rc; - if (length <= size) { - memcpy (data, buffer, length); - } else { + if (size < length) { WARNING ("Insufficient buffer space available."); free (buffer); return DEVICE_STATUS_MEMORY; } + memcpy (data, buffer, length); free (buffer); if (result)